Backend Developer Interview Questions (API, DB & Architecture)


What Backend Interviews Test in 2025

Backend interviews test system design over syntax memorization. Companies probe how you build APIs that don’t break during updates, optimize databases beyond adding indexes, and architect systems that handle real traffic. This article covers backend application fundamentals: API design (REST vs GraphQL trade-offs, versioning strategies), database performance (N+1 queries, indexing decisions, connection pooling), system architecture (caching layers, scaling patterns), and reliability basics tested in backend developer interview questions.

You’ll learn REST principles beyond HTTP methods, when GraphQL solves problems versus creating them, database optimization strategies that actually work in production, caching patterns that improve performance without introducing bugs, and scaling approaches for handling growth. Understanding technical interview fundamentals helps, but this focuses on backend application specifics, not infrastructure operations or DevOps practices covered elsewhere.

API Design Fundamentals

Modern backend roles require a solid grasp of API design: REST principles, versioning strategies, and security patterns.

REST API Principles

Q: What makes an API truly RESTful beyond using HTTP?

Statelessness means each request contains complete context (the server doesn’t remember previous requests). Resource-based URIs represent entities like /users/123, not actions like /getUser. Standard HTTP methods map to operations: GET retrieves, POST creates, PUT replaces, PATCH updates, DELETE removes. Responses should be cacheable with proper headers. HATEOAS provides links to related resources, letting clients discover actions dynamically.

Q: How do you version APIs without breaking existing clients?

URI versioning (/v1/users) provides clear separation but creates endpoint proliferation. Header versioning (Accept: application/vnd.api.v2+json) keeps URLs clean but complicates testing. Query parameters (/users?version=2) offer flexibility but clutter signatures. The key is deprecation strategy: support old versions with sunset dates, use feature flags for testing, require major versions only for breaking changes (removing fields, changing structures), allow additive changes in current versions.

Q: Explain authentication versus authorization in APIs.

Authentication verifies identity (who you are). Authorization determines access (what you can do). API keys identify applications but leak when embedded in client code. OAuth 2.0 delegates authorization without sharing passwords. JWTs carry claims about users, but those claims can be trusted only after signature verification. Rate limiting prevents abuse using token bucket algorithms. Input validation blocks injection (parameterized queries defeat SQL injection, output encoding prevents XSS).

Q: When would you choose GraphQL over REST?

GraphQL solves over-fetching (getting unwanted data) and under-fetching (multiple requests for related data). Mobile clients request exactly the fields they need, reducing payloads. Frontend teams query related data without backend changes. A single endpoint simplifies infrastructure. However, caching becomes harder (POST to /graphql bypasses HTTP caching), query complexity spikes with nested data, and rate limiting requires analyzing query structure. REST wins for simple CRUD, public APIs needing HTTP caching, and teams wanting mature tooling.

Database Performance and Optimization

Understanding database optimization techniques separates candidates who’ve built production systems from those with only tutorial experience.

Common Database Performance Issues

Q: What causes N+1 query problems and how do you fix them?

N+1 queries happen when loading a collection triggers individual queries for related data. Fetching 100 blog posts then querying each post’s author creates 101 database roundtrips. ORMs make this easy to write but expensive to run.

Eager loading solves this. In SQL, SELECT posts.*, authors.* FROM posts JOIN authors ON authors.id = posts.author_id (with author_id as the foreign key) fetches everything in one query. ORM tools offer .includes() or .with() for eager loading. GraphQL DataLoader batches requests, turning multiple fetches into single bulk operations.
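The 101-versus-1 roundtrip count, measured rather than asserted, as an added example that is not part of the original article. It uses an in-memory SQLite database with constructed rows; the table layout, column names and function names are assumptions.

```python
import sqlite3


def build_db(n_posts=100):
    """In-memory SQLite database filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT);"
        "CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT,"
        " author_id INTEGER REFERENCES authors(id));"
    )
    db.executemany("INSERT INTO authors VALUES (?, ?)",
                   [(i, f"author-{i}") for i in range(1, 11)])
    db.executemany("INSERT INTO posts VALUES (?, ?, ?)",
                   [(i, f"post-{i}", i % 10 + 1) for i in range(1, n_posts + 1)])
    db.commit()
    return db


def count_selects(db, load):
    """Run load(db); return (rows, number of SELECT statements executed)."""
    seen = []
    db.set_trace_callback(seen.append)
    try:
        rows = load(db)
    finally:
        db.set_trace_callback(None)
    return rows, sum(sql.lstrip().upper().startswith("SELECT") for sql in seen)


def load_n_plus_one(db):
    # What a lazy-loading ORM does: 1 query for posts, then 1 per post.
    posts = db.execute("SELECT title, author_id FROM posts ORDER BY id").fetchall()
    return [
        (title, db.execute("SELECT name FROM authors WHERE id = ?",
                           (author_id,)).fetchone()[0])
        for title, author_id in posts
    ]


def load_eager(db):
    # Eager loading: one JOIN returns every post with its author.
    return db.execute(
        "SELECT posts.title, authors.name FROM posts"
        " JOIN authors ON authors.id = posts.author_id ORDER BY posts.id"
    ).fetchall()
```

Calling `count_selects(db, load_n_plus_one)` and `count_selects(db, load_eager)` on the same database returns identical rows with 101 and 1 statements respectively.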

Q: How do you decide which columns to index?

Index columns used in WHERE clauses, JOIN conditions, and ORDER BY clauses. Composite indexes support multi-column queries (CREATE INDEX ON users(country, city)). Index order matters: leading columns enable prefix matching.

Trade-offs: indexes cost storage and slow writes. Each INSERT/UPDATE/DELETE modifies indexes. High-cardinality columns (unique values) benefit most. Low-cardinality columns like booleans rarely help. Use EXPLAIN to verify index usage before adding them.
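Checking index usage with the planner, as an added example that is not part of the original article. It builds the users(country, city) composite index in in-memory SQLite (using SQLite's EXPLAIN QUERY PLAN) and shows that the column order in the index decides whether it is used, while the order of predicates in the WHERE clause does not. Table contents, the index name and function names are assumptions.

```python
import sqlite3


def build_users_db():
    """In-memory SQLite table with constructed rows and the composite index."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT,"
               " country TEXT, city TEXT)")
    cities = [("USA", "NYC"), ("USA", "Austin"), ("DE", "Berlin"), ("JP", "Tokyo")]
    db.executemany(
        "INSERT INTO users (name, country, city) VALUES (?, ?, ?)",
        [(f"user-{i}", *cities[i % len(cities)]) for i in range(2000)],
    )
    db.execute("CREATE INDEX idx_country_city ON users(country, city)")
    db.commit()
    return db


# Fixed statements for the demo; application queries would bind parameters.
QUERIES = {
    "both columns": "SELECT name FROM users WHERE country = 'USA' AND city = 'NYC'",
    "both, reordered": "SELECT name FROM users WHERE city = 'NYC' AND country = 'USA'",
    "leading column only": "SELECT name FROM users WHERE country = 'USA'",
    "trailing column only": "SELECT name FROM users WHERE city = 'NYC'",
}


def query_plan(db, sql):
    """Return the planner's description of how it will run sql."""
    rows = db.execute("EXPLAIN QUERY PLAN " + sql).fetchall()
    return " / ".join(row[3] for row in rows)  # column 3 holds the detail text


def uses_composite_index(db, label):
    return "idx_country_city" in query_plan(db, QUERIES[label])


if __name__ == "__main__":
    demo_db = build_users_db()
    for label, sql in QUERIES.items():
        print(f"{label:22} -> {query_plan(demo_db, sql)}")
```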

Q: What’s your process for optimizing slow queries?

Start with EXPLAIN ANALYZE to understand execution. Look for full table scans, missing indexes, inefficient joins. Identify bottlenecks: sequential scans on large tables, nested loops without indexes, sorts without covering indexes.

Rewrite before adding indexes. Avoid SELECT * when needing specific columns. Replace correlated subqueries with JOINs. Use LIMIT to reduce results. Consider denormalization for read-heavy workloads. Connection pooling prevents overwhelming the database with concurrent connections.

Q: How do you choose between SQL and NoSQL databases?

SQL databases guarantee ACID transactions, enforce schemas, support complex joins. They excel at relational data with consistency requirements (financial transactions, user authentication). PostgreSQL and MySQL offer mature tooling. NoSQL databases trade consistency for scalability. MongoDB suits hierarchical data without fixed schemas. Redis provides sub-millisecond caching. Cassandra handles massive writes. CAP theorem: you can’t guarantee Consistency, Availability, and Partition tolerance simultaneously.

Caching and Performance

Caching strategies can dramatically improve backend performance when applied correctly.

Caching Implementation

Q: Where should caching happen in backend systems?

Client-side caching stores responses in browsers using Cache-Control: max-age=3600 headers. CDNs cache static assets and API responses geographically. Application caching with Redis or Memcached stores computed results, database outputs, session data. Database query caches store parsed queries and results. Each layer trades freshness for speed. Cache invalidation remains hard: knowing when cached data becomes stale.

Q: What problems does Redis solve beyond basic caching?

Redis serves as a distributed lock coordinator (SET key value NX EX seconds atomically creates keys with expiration). Rate limiting uses counters that increment per request and expire after the window. Pub/Sub messaging enables real-time features. Redis Streams provide persistent message queues. Sorted sets power leaderboards with O(log N) operations. Session storage benefits from persistence and fast lookups across servers.

Q: How do you handle cache invalidation?

Time-based expiration sets TTL matching data volatility (config: hours, prices: minutes, trends: seconds). Write-through caching updates cache with database writes ensuring consistency. Cache-aside loads data on first read then serves from cache. Event-based invalidation deletes entries when data changes. Versioned keys embed version in key names (user:123:v5). Updating creates new version, old data expires naturally.

Q: What’s cache stampede and how do you prevent it?

Cache stampede happens when many requests simultaneously regenerate the same expired cache entry, overwhelming the database. Solutions: distributed locks ensure only one request regenerates cache while others wait. Probabilistic early expiration refreshes cache before actual expiration. Background refresh updates cache asynchronously before expiration. Cache warming pre-populates cache during deployment.
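The lock-based fix, as an added example that is not part of the original article: twenty concurrent requests hit a cold key and only one reaches the slow query. This is an in-process stand-in, with threading.Lock playing the role that a Redis lock (SET key value NX EX seconds) plays across servers; the class, function and key names are assumptions.

```python
import threading
import time


class SingleFlightCache:
    """Cache-aside store where only one caller rebuilds a missing entry."""
    def __init__(self, ttl_seconds):
        self.ttl = ttl_seconds
        self._data = {}                 # key -> (value, expires_at)
        self._locks = {}                # key -> lock guarding regeneration
        self._guard = threading.Lock()  # protects the _locks dict itself

    def _fresh(self, key):
        entry = self._data.get(key)
        return entry if entry and entry[1] > time.monotonic() else None

    def get(self, key, loader):
        entry = self._fresh(key)
        if entry:
            return entry[0]
        with self._guard:
            lock = self._locks.setdefault(key, threading.Lock())
        with lock:  # everyone else waits here instead of hitting the database
            entry = self._fresh(key)  # re-check: the winner may have refilled it
            if entry:
                return entry[0]
            value = loader(key)
            self._data[key] = (value, time.monotonic() + self.ttl)
            return value


def simulate_burst(n_requests=20):
    """Fire n_requests concurrent reads at a cold key; return (db_calls, results)."""
    db_calls, results = [], []
    cache = SingleFlightCache(ttl_seconds=60)
    barrier = threading.Barrier(n_requests)

    def slow_query(key):
        db_calls.append(key)   # one entry per simulated database hit
        time.sleep(0.05)       # stands in for an expensive query
        return f"rendered:{key}"
    def request():
        barrier.wait()         # release all threads at the same instant
        results.append(cache.get("report:daily", slow_query))
    threads = [threading.Thread(target=request) for _ in range(n_requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(db_calls), results
```

The re-check inside the lock is the part candidates most often forget: without it every waiting request would still run the query, just one after another.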

System Architecture and Scaling

Defining clear backend system architecture requires understanding when patterns solve problems versus creating them.

Scaling Strategies

Q: How do you decide microservice boundaries?

Domain-driven design guides boundaries. Each service owns a bounded context: authentication service, payment service, product catalog. Services should deploy independently without coordinating releases. Key test: can teams deploy without waiting for others?

Avoid distributed monoliths (tightly coupled services deploying together). Watch for shared databases creating hidden coupling. Database-per-service provides independence but requires handling eventual consistency.

Q: When should you use event-driven architecture?

Event-driven systems decouple producers from consumers. Order completion emits OrderCompleted event. Inventory, shipping, analytics services consume independently. New consumers subscribe without modifying producers. Asynchronous communication handles load spikes (events queue until processed).

However, debugging becomes harder (flows scatter across services). Event ordering matters (PaymentCompleted before OrderCreated causes issues). Eventual consistency challenges logic assuming immediate updates. Message brokers add infrastructure complexity.

Q: What’s the difference between horizontal and vertical scaling?

Vertical scaling adds resources to existing servers (more CPU, RAM, faster disks). Simple: no code changes. But hardware limits exist, single servers create failure points, large instances cost more per compute unit.

Horizontal scaling adds more servers running identical code. Load balancers distribute traffic. Stateless apps scale easily (any server handles any request). Stateful apps need shared session stores. Databases pose challenges: read replicas help reads, sharding distributes writes, both add complexity. Auto-scaling adjusts count based on load.

API & Database Quiz

20 Practice Questions

1. Which HTTP status code indicates successful resource creation?

  • 200 OK
  • 201 Created
  • 202 Accepted
  • 204 No Content

2. What does ACID stand for in database transactions?

  • Authentication, Consistency, Integrity, Durability
  • Atomicity, Consistency, Isolation, Durability
  • Atomicity, Caching, Isolation, Distribution
  • Authentication, Concurrency, Integrity, Distribution

3. In SELECT * FROM users WHERE status = 'active' on 1M users, what improves performance most?

  • Use COUNT(*) instead
  • Add index on status column
  • Increase database RAM
  • Switch to NoSQL

4. What’s the main difference between PUT and PATCH?

  • PUT creates, PATCH updates
  • PUT replaces entire resource, PATCH updates partial fields
  • PUT is idempotent, PATCH is not
  • They’re functionally identical

5. Which Redis data structure powers real-time leaderboards?

  • List
  • Hash
  • Sorted Set
  • String

6. What does N in N+1 query problem refer to?

  • Number of database servers
  • Number of records in initial query
  • Number of indexes
  • Network latency milliseconds

7. In REST, what does stateless mean?

  • No database usage
  • No authentication required
  • Each request contains all necessary context
  • Server doesn’t return status codes

8. Which scenario benefits most from GraphQL over REST?

  • Public API with aggressive HTTP caching
  • Mobile app needing flexible nested data queries
  • Simple CRUD operations
  • Legacy system integration

9. What’s the primary purpose of connection pooling?

  • Encrypt database connections
  • Reuse existing connections instead of creating new ones
  • Distribute queries across databases
  • Cache query results

10. In CAP theorem, what does P stand for?

  • Performance
  • Persistence
  • Partition tolerance
  • Primary keys

11. Which HTTP method is idempotent?

  • POST
  • PUT
  • Both POST and PUT
  • Neither

12. What’s the main advantage of JWT over session cookies?

  • Better security
  • Stateless authentication without server storage
  • Smaller payload
  • Automatic expiration

13. Given CREATE INDEX idx ON users(country, city), which query benefits most?

  • WHERE city = 'NYC'
  • WHERE country = 'USA' AND city = 'NYC'
  • WHERE city = 'NYC' AND country = 'USA'
  • All benefit equally

14. What’s cache stampede?

  • Cache fills up and evicts all entries
  • Many requests simultaneously regenerate same expired cache entry
  • Cache invalidation cascading across servers
  • Database replication lag

15. Which normalization form prevents partial dependency?

  • 1NF
  • 2NF
  • 3NF
  • BCNF

16. What does eventual consistency mean?

  • Data is never consistent
  • Consistency guaranteed immediately
  • Data becomes consistent after propagation delay
  • Only one node has consistent data

17. Which load balancing algorithm ensures client always hits same server?

  • Round-robin
  • Least connections
  • IP hash
  • Random

18. What’s the primary purpose of database indexing?

  • Reduce storage size
  • Speed up query lookups
  • Enforce data integrity
  • Enable backups

19. In microservices, what’s a bounded context?

  • Maximum service size limit
  • Specific domain model with clear boundaries
  • Network timeout configuration
  • Container resource limits

20. What’s the main drawback of denormalization?

  • Slower reads
  • Data redundancy and update anomalies
  • Increased storage costs
  • More complex queries

❓ FAQ

🎯 How technical do backend interviews get?

Expect live coding on whiteboard or shared editor. System design requires drawing architecture diagrams. Mid-level focuses on implementation; senior emphasizes trade-offs and architectural decisions.

💼 Should I specialize in one backend language?

Master one language deeply for coding questions but understand concepts that transfer. Database and system design knowledge matters more than syntax. Python’s asyncio helps understand Node.js event loops.

⏰ How much time on database optimization topics?

Database questions appear in almost every backend interview. Practice SQL queries, EXPLAIN output analysis, indexing strategies. This separates candidates with production experience from tutorial-only backgrounds.

📋 Do I need to know every database technology?

No. Understand SQL versus NoSQL trade-offs, know one relational database well, grasp Redis basics. Explaining PostgreSQL vs MongoDB matters more than memorizing every database’s syntax.

✨ What if I haven’t built distributed systems?

Study architectural patterns without hands-on experience. Understand eventual consistency, CAP theorem, message queues. Interviewers assess reasoning about scaling challenges, not just recalling past projects.

Final Thoughts

Modern backend developer interview questions test system-building ability under real constraints. Master API design principles that prevent breaking clients, database optimization beyond adding indexes, caching strategies that improve performance without bugs, and scaling patterns for handling growth. Success requires practical experience building actual systems combined with understanding core concepts that transfer across technologies and frameworks.
